Why is the deb installing keys and repositories on my system without permission? #39544
Assignees
Labels
*duplicate
Issue identified as a duplicate of another issue(s)
install-update
VS Code installation and upgrade system issues
Comments
vscodebot
bot
added
the
install-update
|
Just to add context; The key/repo is installed to facilitate automatic updates more easily without the user needing to add these manually. This "feature" is not in question here. VSCode is targeted towards developers not general public, and so security should be given more consideration. |
|
We plan on fixing this by bringing in support for snap packages #5458 in the next couple of months as auto-updating will then be handled by the Snapcraft Store. In the meantime you can use the tarball if the current deb package is a concern. There's also an issue to allow opting out of the key/repo install via an environment variable here #22145 (closing as duplicate of that) |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Steps to Reproduce:
Having the software stay up to date is great, and I would likely install the repository manually, but, the audacity to add a repo to my apt lists and a trusted key without my permission, or any indication that it has been done is utterly abhorrent.
I suggest a prompt for permission to add such key and repository is presented to the user, as the current method is an abuse. I have no ability to install the deb without providing root/sudo permission, and hi-jacking that permission to also add these to my system without permission or notification is exactly the underhanded behavior I expect from Microsoft products.
The text was updated successfully, but these errors were encountered: